<?php
/*
 * This page is used to insert, update, and delete company info.
 */
include '../config.php';
/*
 * get password key
 */
/*
 * Read the row named 'passkey' from the `pro` table and keep its `value`
 * column in $key; the script stops with the MySQL error when no row comes back.
 * $key is later passed to _encode() as the prefix for the password digest.
 */
$ky = mysql_fetch_array(mysql_query("select * from pro where name = 'passkey'"));
if (!$ky) {
    die(mysql_error());
}
$key = $ky['value'];


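/*
 * Dispatch on the posted `action`: create a hospital account, update a
 * hospital row, or generate prepaid codes.
 *
 * NOTE(review): this file shows no session, role or CSRF check before it
 * creates accounts or issues prepaid codes. Presumably ../config.php enforces
 * access control; confirm. `or die(mysql_error())` is kept to match the rest
 * of the file, but it returns raw database errors to the client.
 */

/*
 * Return one POST field escaped for use inside a quoted SQL string literal.
 * Missing or non-string fields (e.g. name[]=x) become an empty string.
 * NOTE(review): if magic_quotes_gpc is enabled on this host the value arrives
 * pre-slashed and would be escaped twice; verify the runtime setting.
 */
function _sql_post_value($field) {
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    return mysql_real_escape_string($raw);
}

$action = isset($_POST['action']) ? $_POST['action'] : '';
switch ($action) {
    case 'new':             # create a new hospital.
        /*
         * 1st entry into fa_user table.
         * Request values are escaped before they reach the statement; the
         * original concatenated raw $_POST data into the SQL text.
         */
        $pass = isset($_POST['password']) ? $_POST['password'] : '';
        $password = _encode($pass, $key);
        mysql_query("insert into fa_user (id,user_name,password,email,role,banned) values(NULL,'" . _sql_post_value('user_name') . "','" . mysql_real_escape_string($password) . "','" . _sql_post_value('email') . "','hospital',0) ") or die(mysql_error());
        $id = (int) mysql_insert_id();
        /*
         * 2nd entry in salus_hospital_list table, linked to the new account id.
         */
        mysql_query("insert into salus_hospital_list (sr,hospital_id,name,person,email,phone,country) values (NULL,$id,'" . _sql_post_value('name') . "','" . _sql_post_value('person') . "','" . _sql_post_value('email') . "','" . _sql_post_value('phone') . "','" . _sql_post_value('nation') . "') ") or die(mysql_error());
        header('Location:../hospital');
        exit;               # nothing else should run or be emitted after the redirect

    case 'update':          #update company info
        mysql_query("update salus_hospital_list set name='" . _sql_post_value('name') . "', person='" . _sql_post_value('person') . "', email='" . _sql_post_value('email') . "', country='" . _sql_post_value('nation') . "',phone = '" . _sql_post_value('phone') . "' where sr='" . _sql_post_value('id') . "' ") or die(mysql_error());
        header('Location:../hospital');
        exit;               # nothing else should run or be emitted after the redirect

    case 'generate':    # generate pre-paid code for users.
        /*
         * Random string generator: 5 lowercase letters, 1 uppercase letter,
         * 1 digit and 1 symbol, in random order.
         * Prepaid codes are redeemable secrets, so the character picks and the
         * shuffle use random_int() (a CSPRNG) when the runtime provides it.
         * The original rand()/shuffle() path remains as the fallback and is
         * predictable. NOTE(review): make random_int() available (newer PHP or
         * a polyfill) so the fallback is never taken. Nothing here checks that
         * a code is unique; confirm whether the table enforces that.
         */

        function random_string() {
            $character_sets = array(
                array('count' => 5, 'characters' => 'abcdefghijklmnopqrstuvwxyz'),
                array('count' => 1, 'characters' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'),
                array('count' => 1, 'characters' => '0123456789'),
                array('count' => 1, 'characters' => '!@#$+-*&?'),
            );
            $secure = function_exists('random_int');
            $picked = array();
            foreach ($character_sets as $set) {
                $last = strlen($set['characters']) - 1;
                for ($i = 0; $i < $set['count']; $i++) {
                    $index = $secure ? random_int(0, $last) : rand(0, $last);
                    $picked[] = $set['characters'][$index];
                }
            }
            if ($secure) {
                # Fisher-Yates shuffle driven by the CSPRNG; shuffle() would
                # reintroduce the non-cryptographic generator.
                for ($i = count($picked) - 1; $i > 0; $i--) {
                    $j = random_int(0, $i);
                    $swap = $picked[$i];
                    $picked[$i] = $picked[$j];
                    $picked[$j] = $swap;
                }
            } else {
                shuffle($picked);
            }
            return implode('', $picked);
        }

        $cid = isset($_POST['company_id']) ? $_POST['company_id'] : '';
        $pid = isset($_POST['product_id']) ? $_POST['product_id'] : '';
        $cost = isset($_POST['cost']) ? $_POST['cost'] : '';
        $discount = isset($_POST['discount']) ? $_POST['discount'] : '';
        /*
         * These four values are written into SQL as numbers, so anything that
         * is not numeric is rejected before a statement is built.
         */
        foreach (array($cid, $pid, $cost, $discount) as $numeric_input) {
            if (!is_numeric($numeric_input)) {
                die('Invalid numeric input.');
            }
        }
        $cid = (int) $cid;
        $pid = (int) $pid;
        # cost and discount may be decimals: they stay strings and are sent
        # as quoted, escaped literals that MySQL converts to the column type.
        $cost = mysql_real_escape_string($cost);
        $discount = mysql_real_escape_string($discount);

        /*
         * Validate every requested plan and resolve its salus_buy_detail id
         * before anything is written, so a bad request leaves no partial rows.
         * An empty quantity means that plan length was not ordered.
         * NOTE(review): no upper bound is applied to the quantities; one
         * request can ask for an arbitrarily large number of inserts.
         */
        $requested = array(
            '1 year' => isset($_POST['yr1']) ? $_POST['yr1'] : '',
            '3 years' => isset($_POST['yr3']) ? $_POST['yr3'] : '',
            '5 years' => isset($_POST['yr5']) ? $_POST['yr5'] : '',
        );
        $plans = array();
        foreach ($requested as $product_year => $quantity) {
            if ($quantity === '') {
                continue;
            }
            if (!is_numeric($quantity)) {
                die('Invalid code quantity.');
            }
            $lookup = mysql_query("select * from salus_buy_detail where product_year='$product_year' and FK_fa_product_id=$pid ") or die(mysql_error());
            $pro_detail_id = null;
            while ($row = mysql_fetch_array($lookup)) {
                $pro_detail_id = (int) $row['id'];      # last matching row wins, as before
            }
            if ($pro_detail_id === null) {
                # Previously an unset id produced a broken INSERT whose failure
                # was ignored, and codes were then stored under a stale id.
                die('No matching product plan found.');
            }
            $plans[$product_year] = array(
                'count' => max(0, (int) $quantity),
                'pro_detail_id' => $pro_detail_id,
                'seller_detail_id' => 0,
            );
        }

        /*
         * inserting into seller details (one row per ordered plan).
         */
        foreach ($plans as $product_year => $plan) {
            mysql_query("insert into salus_seller_details (sr,cid,product_id,total_codes,pro_detail_id,cost,discount,purchase_date) values (NULL,$cid,$pid," . $plan['count'] . "," . $plan['pro_detail_id'] . ",'$cost','$discount','" . date('Y-m-d') . "') ") or die(mysql_error());
            $plans[$product_year]['seller_detail_id'] = (int) mysql_insert_id();
        }

        /*
         * Code generation: one prepaid code per unit, tied to its seller row.
         */
        $total = 0;     # was left undefined when the 1-year quantity was empty
        foreach ($plans as $plan) {
            for ($i = 0; $i < $plan['count']; $i++) {
                $code = $cid . $pid . random_string();
                mysql_query("insert into salus_prepaid_codes (id,seller_detail_id,prepaid_code) values(NULL," . $plan['seller_detail_id'] . ",'" . mysql_real_escape_string($code) . "') ") or die(mysql_error());
            }
            $total += $plan['count'];
        }
        echo $total . '----codes are generated.';
        break;

    default:
        break;
}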



/*
 * Password encryption.
 */

/*
 * Build the stored password digest.
 *
 * The key (when not empty) is prepended to the password, every single
 * character of the result is hashed with MD5, the 32-character hex digests
 * are concatenated, and that string is hashed with MD5 once more.
 * Returns the final 32-character hex digest.
 *
 * NOTE(review): this is hashing, not encryption, and MD5 is a fast hash that
 * is unsuitable for password storage. There is no per-password random salt:
 * the same password and key always give the same digest. The algorithm is
 * left untouched here because existing stored digests depend on it; moving to
 * password_hash()/password_verify() needs a rehash-on-login migration.
 */
function _encode($password, $key) {
    # Loose comparison on purpose: it matches the original empty-key test.
    $material = ($key != '') ? $key . $password : $password;

    if (function_exists('str_split')) {
        $chars = str_split($material);
    } else {
        # Manual split for runtimes that lack str_split().
        $chars = array();
        if (is_string($material)) {
            $pos = 0;
            while ($pos < strlen($material)) {
                $chars[] = $material[$pos];
                $pos++;
            }
        }
    }

    # Starts as null (not '') so an empty character list hashes exactly as before.
    $digest_chain = null;
    foreach ($chars as $single_char) {
        $digest_chain .= md5($single_char);
    }

    return md5($digest_chain);
}
?>
<a href="../hospital.php">Hospital Page</a>